Apple’s iMessage encryption promises may have been false

If you listen to Apple’s statements about protecting iMessage and FaceTime communications, you’d think Apple has the best encryption game in town. Not only that, but Apple isn’t playing ball with the government, as it’s looking to protect your data more than it wants to cooperate with intelligence agencies.

But a new report looking into the iPhone’s security measures that are supposed to protect your data suggests that everything we’ve been told about iMessage encryption may have been false in at least one aspect: Your data might only be safe if you’re not a suspect.

Nicholas Weaver, a computer security researcher at the International Computer Science Institute in Berkeley, wrote an interesting piece in Lawfare that dives right into the safety of the iPhone. According to him, iMessage and FaceTime conversations can be wiretapped by the FBI or any authority with the proper paperwork, in spite of what Apple has told us.

“We’re not reading your email. We’re not reading your iMessage,” Apple CEO Tim Cook told Charlie Rose in mid-September last year. “If the government laid a subpoena to get iMessages, we can’t provide it. It’s encrypted and we don’t have a key. And so it’s sort of — the door is closed.”

Before pointing out the flaw – or intentional design – that leaves a backdoor open in iMessage or FaceTime, Weaver says that an iOS device may be the most secure general-purpose device on the market, so long as you configure it correctly. But even so, the iPhone, iPod touch or iPad can offer information to law enforcement agencies.

For example, the IMEI of an iPhone is a unique number that can help the FBI identify a suspect as long as he or she is using the device over a carrier network. The FBI could also track the user as long as the device is active, with the proper warrant.

The data on the phone, including iMessages, can also be tapped into, though it may be harder at first. The 4-digit passcode can be brute-forced and a user can be convinced to unlock the device using a fingerprint. Furthermore, if the iPhone is backed up in iCloud, the FBI can obtain the backup including all iMessages from Apple.

Indeed, the FBI might have problems with deciphering live iMessage conversations, but it can obtain plenty of metadata about them with Apple’s help. And Apple can’t pretend that metadata doesn’t exist because it needs it to make iMessage conversations possible. For example, if you’re a suspect, the FBI will know whom you talked to, for how long, and how big the files you exchanged were. It won’t immediately know what you talked about with your friends, though.

But Weaver says there’s a flaw in iMessage that would let the FBI – with Apple’s explicit help following a warrant – see all the iMessages you send and receive on your devices. What happens when you send an iMessage to someone who’s also an iOS user is that there’s a data exchange between your device, Apple’s servers, and the recipient’s device – Weaver uses an Alice-messages-Bob example, so let’s stick with those names.

Alice’s iPhone asks Apple’s servers the following things before sending a message: “I am Alice, please tell me all my public keys” and “I am Alice, please tell me all of Bob’s public keys.” The first message is needed so nobody can add a device to Alice’s account without her knowledge to spy on her, and the second request is made so the iMessage reaches all the devices that Bob has (iPhone, iPad, iPod touch, Mac and Watch can receive iMessages). This exchange happens every time a message is sent, without anyone’s knowledge.

After receiving responses from Apple’s servers, Alice’s iPhone encrypts the message with all the public keys and sends the result to Apple, which forwards it to Bob. Apple has no access to the contents of the message itself, but because it handles the delivery system, it can assist the FBI in wiretapping iMessages.

With Apple’s help, the FBI can tap into both of those requests so it’ll see all the iMessages Alice sends to Bob, and all the iMessages Alice receives from anyone. And that would all happen without anyone’s knowledge – to the suspects and their contacts, iMessage exchanges would continue to be a seamless process.
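The exchange described above, as an added toy model that is not Apple’s code or Weaver’s: every name, class and number in it is an assumption made for illustration. Device keys are tiny textbook RSA pairs (far too small for real use), the message body is XORed with a SHA-256 counter-mode keystream, and the “directory” is a plain dictionary standing in for the server that answers “please tell me all of X’s public keys.” The sender wraps one message key for every key the directory returns, so the directory answer decides which devices can open the message. The `PinningClient` is an added mitigation, not something the article says iMessage does: it remembers each user’s key set on first contact and refuses a directory answer that contains a key id it has never seen, which is the point at which a user could be shown a “new device on this account” prompt.

```python
import hashlib
import math
import secrets

E = 65537  # RSA public exponent for the toy device keys

def is_prime(n):
    """Miller-Rabin with bases 2,3,5,7: exact for every n < 3,215,031,751."""
    if n < 11 or any(n % b == 0 for b in (2, 3, 5, 7)):
        return n in (2, 3, 5, 7)
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for a in (2, 3, 5, 7):
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def next_prime(start):
    """First prime >= start with p-1 coprime to E, so a private exponent exists."""
    n = start | 1
    while not (is_prime(n) and math.gcd(E, n - 1) == 1):
        n += 2
    return n

def stream_xor(msg_key, data):
    """Toy body cipher: XOR with SHA-256 in counter mode keyed by the message key."""
    ks = b"".join(hashlib.sha256(msg_key + i.to_bytes(4, "big")).digest() for i in range(0, len(data), 32))
    return bytes(a ^ b for a, b in zip(data, ks))

class Device:
    """One device of one user; the private exponent d never leaves the device."""

    def __init__(self, owner, name, seed):
        p = next_prime((1 << 20) + 1000 * seed)   # distinct ~21-bit primes per seed;
        q = next_prime((1 << 21) + 1000 * seed)   # n is ~2^41, enough to wrap a 32-bit key
        self.owner, self.key_id = owner, f"{owner}:{name}"
        self.n, self.d = p * q, pow(E, -1, (p - 1) * (q - 1))

    def public_key(self):
        return (self.key_id, self.n)

    def open(self, envelope):
        """Plaintext if the message was wrapped for this device, else None."""
        wrapped = envelope["wrapped"].get(self.key_id)
        if wrapped is None:
            return None
        return stream_xor(pow(wrapped, self.d, self.n).to_bytes(4, "big"), envelope["body"])

def seal(plaintext, recipient_keys):
    """Encrypt once with a fresh 32-bit message key, then wrap that key for every
    (key_id, n) the directory returned: 'encrypts the message with all the public keys'."""
    msg_key = secrets.token_bytes(4)
    wrapped = {kid: pow(int.from_bytes(msg_key, "big"), E, n) for kid, n in recipient_keys}
    return {"wrapped": wrapped, "body": stream_xor(msg_key, plaintext)}

class PinningClient:
    """Sender that pins each user's key set on first contact and refuses a directory
    answer containing a key id it has never seen.  Added mitigation for illustration;
    the article does not say iMessage does this."""

    def __init__(self, directory):
        self.directory, self.pins = directory, {}   # directory: {owner: [(key_id, n), ...]}

    def fetch(self, owner):
        keys = self.directory.get(owner, [])
        known = self.pins.setdefault(owner, {kid for kid, _ in keys})
        unexpected = sorted(kid for kid, _ in keys if kid not in known)
        if unexpected:
            raise ValueError(f"{owner}: unpinned key(s) in directory answer {unexpected}")
        return keys

    def send(self, sender, recipient, plaintext):
        # The article's two requests: the sender's own keys, then the recipient's.
        return seal(plaintext, self.fetch(sender) + self.fetch(recipient))

def scenario():
    """Alice messages Bob, then a key nobody on either side added appears under Bob's name."""
    alice_phone, bob_phone, bob_mac = Device("alice", "iphone", 1), Device("bob", "iphone", 2), Device("bob", "mac", 3)
    directory = {"alice": [alice_phone.public_key()], "bob": [bob_phone.public_key(), bob_mac.public_key()]}
    client = PinningClient(directory)
    first = client.send("alice", "bob", b"lunch at noon?")
    extra = Device("bob", "unknown-device", 4)      # constructed: listed without Bob's knowledge
    directory["bob"].append(extra.public_key())
    naive = seal(b"second message", directory["alice"] + directory["bob"])  # client without pinning
    try:
        client.send("alice", "bob", b"second message")
        alert = None
    except ValueError as err:
        alert = str(err)
    return {"bob_phone_first": bob_phone.open(first), "bob_mac_first": bob_mac.open(first),
            "alice_own_copy": alice_phone.open(first), "extra_reads_first": extra.open(first),
            "extra_reads_naive": extra.open(naive), "pinning_alert": alert}
```

Running `scenario()` shows the two halves of the article’s point: the first message opens on Bob’s iPhone, Bob’s Mac and Alice’s own phone (her copy of the conversation), and not on a device that was absent from the directory answer; once the extra key is listed, a client that trusts the answer blindly wraps the message key for it too, while the pinning client stops and reports the unknown key id instead of sending. Pinning only detects a change after the first contact, which is why a directory that already included the extra key at first contact would go unnoticed by this check alone.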

Obviously, the catch with this approach is that the FBI needs a per-case warrant – in other words, even if a backdoor into iMessage and FaceTime exists, it can’t apparently be used for casting a wide data collection net.

Apple so far has not responded to requests for comment on these claims.